Open Banking: Disruption is afoot for regulators as well as banks

The much anticipated “Open Banking” revolution will start in 2018 and will have profound implications for the retail banking sector. But what is perhaps less commonly acknowledged is that Open Banking has the potential to disrupt its own architects too. As the dynamics in retail banking change as a result of new products and services made possible by Open Banking, regulators too may need to rethink the way they operate and how they should redesign themselves to remain fit for the future.

Open Banking – a brief overview

From January, the revised Payments Services Directive (PSD2) and, in the UK, the Open Banking Standard1, will require banks to share, at the customer’s request, payments data with any registered Third Party Providers (TPPs) and also allow them to use the bank’s infrastructure to initiate payments on the customer’s behalf. Regulators introduced these rules to create a level playing field between different payment service providers and to boost transparency, innovation, and competition in the market.
In our report, “Open banking - How to flourish in an uncertain future”,we2 conclude that the opening up of banking data will, in the long term, result in a “marketplace banking” model. This will enable customers to use a single interface to choose and access banking products and related services from a multitude of players, including incumbent banks, challengers and FinTechs. Through collaboration, competition, and technological innovation, new and existing players will be able to offer customers innovative, tailored, and good-value products and services.

Overall, this is line with regulators’ initial objectives, but Open Banking will also send regulators into uncharted territory.

Here be dragons

Over the next few years, regulators and supervisors will need to address several new challenges as a result of Open Banking specifically, and technological innovation in financial services (aka FinTech) more generally.

The first challenge is that the unbundling of retail banking services means supervisors will need new ways, and probably more resources, to oversee a much more fragmented financial ecosystem, within an ever expanding regulatory perimeter. This ecosystem will also include an increasing number of non-financial services firms performing either regulated activities, or acting as third parties providing outsourced critical functions.

As Christine Lagarde, the Managing Director of the International Monetary Fund, recently said: “Traditionally, regulators have focused on overseeing well-defined entities. But as new service providers come on stream in new shapes and forms, fitting these into buckets may not be so easy. Think of a social media company that is offering payments services without managing an active balance sheet. What label should we stick on that?”

A related challenge is understanding what the evolution of the ecosystem will mean for the sustainability of incumbent banks’ business models and, in turn, for financial stability. FinTech-driven competition will likely put further pressure on banks’ margins, but it may also result in generally weaker customer relationships and loyalty. This, in turn, may lead to higher deposit volatility, increased liquidity risk, and consequently lower stability in banks’ sources of funding and lending capabilities. The Financial Stability Board, the European Banking Authority, and the UK Financial Conduct Authority (FCA), have already flagged this as an area in need of close monitoring. FinTech will also increasingly blur the lines between financial services regulation and other policy domains. In the Open Banking context, a clear example which we explored recently, is the fact that, if in principle individuals should be able to choose how their data is used, in practice the challenge of reconciling the regulatory objective of data privacy with that of increasing competition is not trivial and, if left unattended, could compromise one or both of them.

Last but not least, the challenges posed by FinTech cannot be considered solely in a national context. Technology is not restricted by geographical boundaries and how to regulate cross-border activities on new technological platforms will need to be addressed. Balancing national interests against the benefits of global harmonisation will not be easy.

This list of challenges is certainly not exhaustive, but it still evidences how technological driven innovation and competition, of which Open Banking is a prime example, will be as much of a challenge for policy makers as for financial services firms.

How can regulators prepare for the future?

Policymakers look likely to have to practice what they preach. Regulators and supervisors will need to review and update their own strategy and business models in response to the fundamental changes taking place in the financial services market. There is no easy answer to how regulators and supervisors should respond, but we have identified what seems to us to be three important considerations.

Innovation and digital transformation
Regulators and supervisors can use the same technologies that are transforming financial services to transform themselves and prepare for the future. Effective use of technology could improve the effectiveness of supervisory efforts, as well as reduce compliance costs for regulated firms. Some regulators are starting to move in this direction - in the UK, the FCA and Bank of England recently announced a project to explore the possibility of a machine readable regulatory environment, in which firms could map regulatory requirements directly to the data they hold. If successful, the project could create the foundation for automated, straight-through-processing of regulatory returns and, potentially, real-time supervision. These types of innovation will be critical in a world where the number of firms and activities within the regulatory perimeter keep expanding, but supervisory resources remain limited. In the words of Agent Smith: “Never send a human to do a machine’s job”.3

Use of regulatory guidelines to accelerate the regulatory process
Regulators have the very difficult job of finding the “golden” equilibrium between supporting innovation and competition, and protecting customers and financial stability. The tricky bit is that, when technology is involved, the transition from “too small to notice” to “too big to fail” can happen very quickly. To use a well-known example, M-Pesa4 was launched by Vodafone in 2007 and by 2013 43% of Kenya’s GDP flowed through it.5 In contrast, regulatory responses typically take time - PSD2 was first proposed in 2013, but will be implemented only from January 2018. A way to address this, at least partially, would be for regulators to make more strategic use of regulatory guidance to respond to rapidly changing markets. Guidance can be issued (and updated) much more quickly than new pieces of regulation and can be very effective in providing firms using or investing in new technology a better understanding of the regulator’s latest thinking on any particular issue. Guidance can be narrower in scope and even technology specific (e.g. guidance of the use of the Cloud). Firms would be able to test their compliance and risk management approaches against such guidance and, if needed, consult with the supervisors to address any concerns or uncertainties. However, guidance is not a silver bullet, and to tackle the issue of the expanding regulatory perimeter, regulators may need new powers to extend their reach quite rapidly, in order to be able to respond to new and fast-developing risks.

Increased cross-sector and cross-border co-operation
Finally, regulatory and supervisory activities in relation to FinTech should not be confined to sectoral or national silos. Financial services authorities should establish regular and formal co-operation agreements with each other and with other relevant public policy bodies (e.g. data privacy supervisors), both at national and international level. Technologies like the Cloud, Application Programming Interfaces (APIs), or Distributed Ledger Technologies could be employed to facilitate access and sharing of supervisory data and information. Working together with counterparts in other sectors and/or jurisdictions could help develop policies that, when considered collectively, are consistent and address emerging risks effectively. At a minimum, through regular dialogue and data sharing regulators would be better placed to identify gaps or inconsistencies in the national or international regulatory framework and to assist firms in dealing with them. This will ultimately enhance competition for the benefit of consumers and help identify and reduce possible financial stability risks.

Finally, whatever the approach, in all likelihood, policymakers will need to recruit additional technology-savvy expert resources. With these resources already in short supply and in high demand from industry, an effective and innovative talent strategy should also be at the forefront of any regulator’s agenda in the coming years.

Key contacts

Partner

David is Head of Deloitte’s EMEA Centre for Regulatory Strategy. He focuses on the impact of regulatory changes - both individual and in aggregate - on the strategies and business/ operating models of... More

Director

Rahul leads the financial services insights team at Deloitte, which generates thought leadership including publications based on the trends, challenges and opportunities within the financial services ... More

Manager

Valeria is a Manager in the EMEA Centre for Regulatory Strategy. Her focus is on regulatory initiatives related to payments and FinTech. Valeria joined Deloitte in early 2012 from a global strategy co... More

Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. Please see About Deloitte to learn more about our global network of member firms.

Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675.